pdumpq can be used to take queued packets from netfilter/iptables and dump them to a file that decoders like tcpdump, ethereal, and snort can read. You can also just pipe it through to the packet decoder and see what is in those packets as they come in. This is also an easy way to populate your snort alert database with iptables data. Its features include automatic dumpfile rotation, filter on firewall marks and issue per-mark verdicts, and optional emailing of decoded packet dumps.
Joseph is a Python class and program that parses config files into iptables commands. It supports ACL definitions to reduce the repetition of rules. The config file format is a custom, native English-like format that supports internal, external, and DMZ interfaces with allowed, masqueraded, and redirected services (ports).
fireparse is an ADMLogger plugin that emails a report of all packets that have been logged by the kernel's packet filtering subsystem (iptables/netfilter or ipchains). The report includes source and destination ports, direction, logged packet count, matched rule, and fully resolved host names (if available). The email report can be formatted to plain text or a colored HTML table.
AMaViS (A Mail Virus Scanner) scans e-mail attachments for viruses using third-party virus scanners available for UNIX environments. It resides on a UNIX (Linux) machine and looks through the attached files arriving via e-mail, generates reports when a virus is found and sets the delivery on hold.
Xtradius is a radius server that permits you to handle user authentication and accounting request via external scripts. You can handle script requests for user accounting, user authentication, NAS start and NAS stop packets. You can also write additional information into the NAS detail logfile. Parameters to scripts are passed via command line options or environment variables, making it very simple to implement SQL-based user accounting, authentication and account expiration. It is also compatible with "standard" cistron radius server.
SLIS is a TCP/IP gateway for schools. It provides advanced functions to students and teachers, such as a filtering proxy/cache, email addresses, access control, Web replication, Web mirroring, an intranet Web server with PHP and PostgreSQL, user management, DHCP, remote monitoring of a global set of SLIS servers, live update, etc. All of this is provided by an easy-to-use Web interface. All of the project is in French, but work is in progress to make it international.
Harm acts as a four-way socket redirector that allows you to effectively make a TCP connection from the Internet to a host behind a Linux masquerade-style firewall. The server (behind the firewall) makes connections to the client (on the Internet). After a successful connection, it will bounce packets from a telnet client (Windows and Linux) to the Harm client, to the Harm server (Linux only), or to the telnet daemon behind the firewall.